The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash.
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.
| Link | Tags |
|---|---|
| http://support.apple.com/kb/HT6441 | |
| http://www.securityfocus.com/bid/69913 | vdb entry |
| http://www.securitytracker.com/id/1030866 | vdb entry |
| http://support.apple.com/kb/HT6442 | |
| http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html | vendor advisory |
| http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html | vendor advisory |
| http://www.securityfocus.com/bid/69882 | vdb entry |
| https://support.apple.com/kb/HT6535 | vendor advisory |
| http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html | vendor advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/96097 | vdb entry |